How To: Inject custom HTTP headers with Fiddler

When you’re testing a web service or web site with authentication credentials posted via HTTP headers, you might want a way to inject testing credentials without login in. Fiddler could help with that, but its rules need to be configured. Below I’ll describe how to do that Fiddler v4.5 (did not experiment in earlier versions).

In Fiddler you can add your own rules editing CustomRules.txt which is located here C:\%UserProfile%\Documents\Fiddler2\Scripts. Or you can open it from the menu.

The file contains the class Handlers. At first we should add a menu item to enable the custom headers.

C#

1

2

3

publicstaticRulesOption("Enable X-MyWebService headers")

BindPref("fiddlerscript.rules.XMyWebServiceHeaders")

varm_XMyWebServiceHeaders:boolean=false;

The code above should be placed in the beginning of the class definition. Fiddler will read it and add the item on-the-fly under “Customize Rules…”. Now you can enable or disable the headers.

It’s just a flag and you need to add another piece of code to the custom rules. You should find the method OnBeforeRequest and a condition to add the headers when the flag is enabled.